Proofpoint cybersecurity experts: Hundreds of messages with links sent to recipients across multiple organizations. Cybercrime or Cyber Espionage?
Over than 140 International Airlines could have suffered a major cyber security and data breach. This thanks to a vulnerability in the Amadeus system. It could affect tens of millions of travelers
More than 140 International Airlines could have suffered a major security breach. Thanks to a flaw in the Amadeus online reservation system, the malicious hackers could have access to private informations of flight bookings made by millions of customers. It has been discovered by the cyber security expert and hactivist, Noam Roten, who works at Safety Detective’s research labs. The system controls over 44% of the of the international carriers market, and the vulnerability potentially affects tens of millions of travelers. As described, the security bug was found when trying to book a flight on the EL AL airline, Israel’s national carrier, which sent the security researchers a link to check the PNR: “https://fly.elal.co.il/LOTS-OF-NUMBERS-HERE”. From there it was only a matter of changing the RULE_SOURCE_1_ID, which allowed them to view any Passenger Name Record (PNR), giving them access to the passengers’ names as well as to all associated flight details.
How the flaw works and what is possible to to exploiting
Not only. Using the customer name and the PNR code, the cyber security researchers were then able to successfully log into the Airline customer portal. According to which allowed them to Safety Detective’s research labs, it granted them to “make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service.” After running a small and non-threatening script to check for any brute-force protections, none of which were found, “we were able to find PNRs of random customers, which included all of their personal information.”, the company’s blog continues. “We contacted ELAL immediately to point out the threat and prompt them to close the breach before it was discovered by anyone with malicious intentions.”